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REMARKS 

By this amendment, claims 1-40 are pending, in which claims 2, 4-8, 10-12, 14, 17 and 
20 are currently amended. No new matter is introduced. The claim amendment merely corrects 
discovered informalities. Hence, these changes are not believed to raise new issues requiring 
further consideration and/or search, and it is therefore respectfully requested that the present 
amendment be entered under 37 C.F.R. §1.1 16. 

The final Office Action mailed March 3, 2006 rejected claims 1-4, 6-9, 11-15, 20-24, 26- 
29, 30-34 and 39-40 as obvious under 35 U.S.C. § 103 based on Cohen et al (US 6,434,618) in 
view of Bhattacharya et al (US 6,587,466), claims 5 and 25 as obvious based on Cohen et al. in 
view of Bhattacharya et al and in further in view of Haas (US 5,115,432), claims 16, 18, 35 and 
37 as obvious based on Cohen et al. in view of Bhattacharya et al. and in further in view of 
Feldmen et al. (US 6,055,561), claims 17 and 36 as obvious based on Cohen et al in view of 
Bhattacharya et al and in further in view of Sauter (US 5,537,546), claims 19 and 38 as obvious 
based on Cohen et al in view of Bhattacharya et al and in further in view of Grant et al. (US 
5,027,269), and claims 10 and 29 as obvious based on Cohen et al. in view of Bhattacharya et al 
and in further in view of Gai et al. (US 6,651,096). 

Independent claim 1 recites, "receiving a control message from the external processor, 
by the programmable access device, to establish a configuration of the programmable 
access device." Independent claim 21 recites, "an external processor that transmits a control 
message specifying a configuration" and "a programmable access device that receives 
messages from a first network external to the network access system via a first network interface, 
and that, responsive to the control message, establishes the configuration specified by the 
control message." Independent claim 40 recites "an external processor configured to 
receive, from the programmable access device, a first subset of the input messages and to 
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transmit a control message to the programmable access device specifying a configuration 
to control the selection of the first subset." 

Applicants noted in the prior Response that the above features are not found in the 

combination of Cohen et al and Bhattacharya et al, even if these references could be properly 

combined. The present Office Action still does not address this argument. Instead, the Examiner 

refers to the same passages, col 10: 56-63 and col. 11: 55-62 {Emphasis Added): 

FIG. 5 is a flowchart that illustrates the functioning of a generic gateway program 
in the programmable gateway of the present invention. At step 501 program is 
initialized with the function gwp_nit, which initializes the data structures. At step 
502 the sets of characteristics of the desired packet flows, flowl, flow2, etc., for 
the program are registered with the dispatcher process with the functions 
gwp_start_flow (flowl), gwp_start_flow (flow2), etc. (col. 10: 56-63) 

If yes, decision steps 610, 611 and 612 respectively determine whether the 
message is a request for starting or stopping a flow; a request for processing 
of forthcoming packets within the dispatcher process; or a packet itself that 
has been processed by a gateway program. If it is determined at step 610 that the 
message is a request for starting/stopping a flow, which declares the properties 
of packets to be received, then at step 613, the appropriate request is forwarded to 
the packet filter 403. (col. 1 1 : 55-62) 

The above passages are silent with respect to any "configuration," much less in the 

manner claimed. As best understood, the Examiner appears to equate dispatcher process 402 as 

the claimed external processor and the gateway 400 as the claimed programmable access device 

(Office Action, pages 2 and 3). Also, presumably the request for starting or stopping a flow is 

the claimed control message; however, this request does not specify any configuration 

whatsoever. Further, under the Examiner's interpretation, the request would need to specify 

configuration information. Such interpretation is not supported by Cohen et al, which discloses 

in general terms (col. 4: 11-23) that dispatcher process 402 uses the packet filter process 403 in 

the Linux kernel to obtain packets requested by any of the gateway programs 404, 405 and 406. 

The dispatcher process 402 is the only process which interacts with the packet filter process 403. 
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It is responsible for sending incoming packets on the input 407 of network interfaces 408 to the 
particular gateway program or programs that wish to process them, if any, and for sending the 
processed packets back to the kernel. 

Accordingly, even assuming the references of Cohen et al and Bhattacharya et al were 
properly combined based on some teaching or suggestion in the references, and assuming the 
modifications proposed in the Office Action were justified by additional teachings or suggestions 
found in the references, even the combination does not render the claimed invention obvious. 
Specifically, none the references taken alone, or in combination, teaches or suggests "receiving a 
control message from the external processor, by the programmable access device, to establish a 
configuration of the programmable access device." 

Furthermore, Applicants maintain that one of ordinary skill in the art would not motivated 

to modify the Cohen et al system based on the teachings of Bhattacharya et al On page 3, the 

Office Action acknowledges that "Cohen teaches that processor handling some of packets to be 

process on the programmed gateway, not an external processor," citing to col. 12: 8-12. This 

cited passage states the following: 

Alternatively, the Combined Policy-matching Engine may be located in an 
external policy server and policy decisions may be outsourced to this device, 
while the service specific modules are located at the Policy Enforcement Entity 
such as the router or firewall. 

From this passage, one of ordinary skill would understand that an external policy server 
can be utilized. In the context of the Cohen et al system, this would suggest that the packet filter 
403 can obtain policies from an external policy server, not that the dispatcher process 402 can 
alternatively reside in an external policy server. Therefore, Applicants respectfully submit that 
the Office Action has presented no substantial evidence showing a teaching or motivation to 
combine the prior art references. 
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Therefore, Applicants submit that the features of independent claims 1,21, and 40 are not 
satisfied. 



Also, the rejection of dependent claims 2-4, 6-9, 11-15, 20, 22-24, 26-34, and 39 should 

be withdrawn for at least the same reasons as those discussed above with regard to their 

respective independent claims, and these claims are separately patentable on their own merits. 

For example, claim 2 recites "receiving a control message comprises receiving a filter control 

message to establish a configuration of a packet header filter in the programmable access 

device." The Office Action refers to various passages within Cohen et al. for a supposed 

teaching of the above features: col. 5: 20-25 and col. 5: 66 - col. 6: 9. These passages state the 

following {Emphasis Added): 

Admission daemon 410 starts the execution of both locally injected and remotely 
injected gateway programs. Each gateway program 404, 405 and 406 is registered 
with the dispatcher process 402 by admission daemon 410, which also informs the 
dispatcher process 402 of the privilege level of the program, (col. 5: 20-25) 

Further reduction in the size of messages which are transferred are achieved by 
certain gateway programs that instruct the dispatcher process itself to 
perform specific functionalities rather than having these same functionalities 
performed within a gateway program. For example, packets can be filtered in 
accordance with whether they contain a specific flag, such as the SYN flag, in 
the packet header. This flag, as is well known, marks a packet a being part of a 
TCP connection establishment protocol rather than a data packet for a particular 
connection, (col. 5: 66 - col. 6: 9) 

From these passages, it is evident that the Cohen et al system employs gateway programs 
404, 405 and 406 to instruct the dispatcher process 402 to perform specific functions, filtering 
according to a SYN flag. Given the Examiner's interpretation of the claimed invention (i.e., 
dispatcher process 402 as the claimed external processor), these instructions would constitute the 
control message; however, such control messages are not sent from the dispatcher process 402, 
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but rather from the gateway programs. Therefore, the claimed control message (which is from 
the external processor) cannot be disclosed by Cohen et aL 

As regards the obviousness rejection of claims 5 and 25, Applicants submit that the 
addition of Haas does not cure the deficiencies of Cohen et aL and Bhattacharya et al as 
discussed above. The secondary reference of Haas is applied merely for a supposed teaching of a 
control message to establish a threshold number of allowed retransmissions. 

With respect to the obviousness rejection of claims 16, 18, 35 and 37, Feldmen et aL does 
not fill in the gaps of Cohen et aL and Bhattacharya et aL Feldmen et al. is applied for a 
supposed teaching of exchanging keepalive and acknowledgement messages between the 
external processor and the programmable access device. 

As for the obviousness rejection of claims 17 and 36, this rejection is unsustainable as the 
addition of Sauter to the combination of Cohen et aL and Bhattacharya et al. does not satisfied 
the claimed features. Sauter is relied upon for a supposed teaching of transmitting a control 
message comprises accessing a control processor on the external processor via an application 
programming interface. 

As for claims 19 and 38, the obviousness rejection over the combination of Cohen et aL 
and Bhattacharya et aL in further view of Grant et aL does not met all the claimed features. 
Grant et aL is applied for a supposed teaching of communicating a state of a session from the 
programmable access device to the external processor. 

Lastly, the obvious rejection of claims 10 and 29 over Cohen et aL and Bhattacharya et 
aL in view of Gai et aL is likewise unsustainable, as Gai et al. fails to fill in the gaps of Cohen et 
aL and Bhattacharya et aL Gai et aL is relied upon for a supposed disclosure of a system for 
controlling the configuration of an access device that includes making configuration changes to a 
scheduler and has one or more output queues. 
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Therefore, the present application, as amended, overcomes the rejections of record and is 
in condition for allowance. Favorable consideration is respectfully requested. If any unresolved 
issues remain, it is respectfully requested that the Examiner telephone the undersigned attorney at 
(703) 425-8508 so that such issues may be resolved as expeditiously as possible. 



10507 Braddock Road 
Suite A 

Fairfax, VA 22032 
Tel. (703) 425-8508 
Fax. (703) 425-8518 



Respectfully Submitted, 



DITTHAVONG & MORI, P.C. 





Attorney/ Agent for Applicant(s) 
Reg. No. 44658 
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